What is mobile security? Eight key pieces of a secure mobility strategy
According to a recent survey by IBM and the Information Security Media Group, 99 percent of today’s workforce uses mobile devices to get their job done, and 59 percent of security leaders claim their organizations are either partially or fully mobile. However, 63 percent of leaders also admitted that mobility comes with more security risks than they expected.
Though many organizations have already invested in mobile device management (MDM) technology — which is a good place to start — they need to take a more holistic approach to mobile security if they want to protect their assets.
What is mobile security, anyway?
Today, most IT professionals are primarily concerned about the security of mobile devices themselves — whether personal or corporate-issued. After all, it’s inevitable that devices will be lost or stolen. However, a comprehensive mobile security strategy must also factor in application and content security, as well as malware and fraud detection and prevention.
While the business world is still in the early stages of mobile enterprise transformation, many organizations have not yet adopted such a comprehensive strategy and are consequently putting sensitive corporate data at risk. According to the survey, nearly 60 percent of respondents claim concerns about security have inhibited their mobile deployment.
Enterprises need to keep mobile security top of mind
Though many organizations report they experience increased productivity by letting employees use their own devices to access corporate data and applications, the risks to security are also increasing. According to Security Intelligence, there are a staggering 387 new threats to smartphones every minute, and 97 percent of top paid Android apps and 87 percent of iOS apps have been hacked at some point. In spite of this, users will inevitably download personal apps without knowing what the security flaws are, thereby introducing significant risk into the organization.
Threats that executives must consider when developing a comprehensive mobile security strategy include the following eight vectors:
- Lost or stolen devices
It may be the most obvious of threats, but it is no less important. Any confidential information stored on lost or stolen devices may fall into the hands of attackers, so organizations need to deploy MDM technologies to enable remote wiping of compromised devices.
- Password reuse
No matter how often security administrators tell employees to create complex and unique passwords, the simple fact is that many people will reuse the same weak passwords across multiple systems, making their accounts easy to exploit. To handle this issue, organizations must enforce stricter authentication requirements, including multifactor authentication or biometrics.
- Insecure connections
Many users don’t even realize they are accessing corporate data and applications through unsecured connections, making it imperative for organizations to restrict access to unencrypted networks. This includes potentially malicious hotspots.
It’s all too easy for attackers to send emails from seemingly trustworthy sources, asking users to change their passwords. If users fall for the trap, attackers can easily gain access to all applications and systems the authorized user has permissions for.
- Compromised credentials
When attackers gain authorized users’ credentials, they can pose as legitimate users, sometimes going undetected for months. However, with network monitoring tools, organizations can develop a baseline for normal behavior and detect irregular activity that departs from it.
When a device is infected with malware and the user accesses the corporate network, malware can then spread across the internal network. To prevent this, organizations should not let devices connect directly to a virtual private network, and they should deploy tools that can proactively identify compromised devices.
- Malicious apps
Users can often be fooled into downloading malicious apps without understanding which permissions the app requires, thereby giving the app owner access to critical business information and network settings.
Users will often download documents and data to third-party collaboration platforms, regardless of whether IT approves them. Organizations need to deploy tools that restrict what users can download to approved platforms through policy-based identity and access management platforms.
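The baseline approach mentioned under compromised credentials, sketched as an added example (not from the original article or any vendor product): it learns each user's usual devices, countries and sign-in hours from past records and grades new sign-ins against that profile. The record layout, the two-hour slack and the two-deviation alert threshold are assumptions, and all records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sign-in records (timestamp, user, device_id, country); not real logs.
HISTORY = [
    ("2024-03-04T08:12:00", "alice", "phone-a1", "US"),
    ("2024-03-04T17:40:00", "alice", "phone-a1", "US"),
    ("2024-03-05T12:30:00", "bob", "phone-b1", "DE"),
    ("2024-03-06T13:15:00", "bob", "phone-b1", "DE"),
]
NEW_EVENTS = [
    ("2024-03-07T08:45:00", "alice", "phone-a1", "US"),  # matches baseline
    ("2024-03-07T03:10:00", "alice", "phone-zz", "BR"),  # new device, country, hour
    ("2024-03-07T12:50:00", "bob", "phone-b9", "DE"),    # new device only
]

# Per user: every device, country and hour of day seen in the history.
def build_baseline(history):
    base = defaultdict(lambda: {"devices": set(), "countries": set(), "hours": set()})
    for ts, user, device, country in history:
        base[user]["devices"].add(device)
        base[user]["countries"].add(country)
        base[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(base)

# List the ways one sign-in departs from its user's baseline.
def deviations(baseline, event, hour_slack=2):
    ts, user, device, country = event
    profile = baseline.get(user)
    if profile is None:
        return ["unknown_user"]
    hour = datetime.fromisoformat(ts).hour
    lo, hi = min(profile["hours"]) - hour_slack, max(profile["hours"]) + hour_slack
    checks = [
        ("new_device", device not in profile["devices"]),
        ("new_country", country not in profile["countries"]),
        ("unusual_hour", not lo <= hour <= hi),
    ]
    return [name for name, hit in checks if hit]

# Alert on several simultaneous deviations; a single one is only queued for review.
def triage(baseline, events, threshold=2):
    results = []
    for event in events:
        found = deviations(baseline, event)
        alert = len(found) >= threshold or "unknown_user" in found
        results.append((event[1], "alert" if alert else "review" if found else "ok", found))
    return results

if __name__ == "__main__":
    print(*triage(build_baseline(HISTORY), NEW_EVENTS), sep="\n")
```

Requiring more than one deviation before alerting keeps a routine event such as a phone upgrade from paging anyone, while a sign-in that is new on every dimension still surfaces immediately.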
Though mobile transformation has already begun, businesses need to move beyond the question of “What is mobile security?” to the more complex question of “How do we actually do it, and how do we do it well?” Many companies have already deployed MDM technologies to secure the devices themselves, but it’s now time for organizations to make greater investments in application security, content and collaboration, as well as managing access and fraud prevention to secure the mobile enterprise.